CVE-2024-3181
CVSS V2 None
CVSS V3 None
Description
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting
Overview
- CVE ID
- CVE-2024-3181
- Assigner
- ConcreteCMS
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-04-03T19:09:44.345Z
- Last Modified Date
- 2024-06-04T17:31:29.530Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-3181 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3181 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-23 23:14:27 | Added to TrackCVE |